Translate Package URLs (PURLs) into validated download URLs for source code artifacts

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for alkamod from gravatar.com alkamod

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: Oscar Valenzuela B.
  • Tags purl , package-url , package-manager , source-code , license-compliance , ai-detection , semantic-analysis , semantic-copycat , code-copycat
  • Requires: Python >=3.8
  • Provides-Extra: dev
Classifiers
Report project as malware

This project has been archived.

The maintainers of this project have marked this project as archived. No new releases are expected.

Project description

PURL2SRC - Package URL (PURL) to Source

Translate Package URLs (PURLs) into validated download URLs for source code artifacts.

Features

  • Multi-ecosystem support: NPM, PyPI, Cargo, NuGet, GitHub, Maven, RubyGems, Go, Conda, and more
  • Three-level resolution strategy:
    1. Direct URL construction based on known patterns
    2. Package registry API queries
    3. Local package manager fallback
  • URL validation: Verify download URLs are accessible
  • Batch processing: Process multiple PURLs from files
  • Multiple output formats: JSON, CSV, or plain text
  • Extensible architecture: Easy to add new package ecosystems

Installation

pip install semantic-copycat-purl2src

Usage

Command Line

# Single PURL (default text output)
purl2src "pkg:npm/express@4.17.1"
# Output: pkg:npm/express@4.17.1 -> https://registry.npmjs.org/express/-/express-4.17.1.tgz

# JSON output format
purl2src "pkg:npm/express@4.17.1" --format json

# With validation
purl2src "pkg:pypi/requests@2.28.0" --validate

# Batch processing from file
purl2src -f purls.txt --output results.json

# Batch processing with JSON to stdout
purl2src -f purls.txt --format json

Python API

from purl2src import get_download_url

# Get download URL for a PURL
result = get_download_url("pkg:npm/express@4.17.1")
print(result.download_url)
# https://registry.npmjs.org/express/-/express-4.17.1.tgz

# Without validation (faster)
result = get_download_url("pkg:pypi/requests@2.28.0", validate=False)

Supported Ecosystems

Ecosystem PURL Type Example
NPM npm pkg:npm/@angular/core@12.0.0
PyPI pypi pkg:pypi/django@4.0.0
Cargo cargo pkg:cargo/serde@1.0.0
NuGet nuget pkg:nuget/Newtonsoft.Json@13.0.1
Maven maven pkg:maven/org.apache.commons/commons-lang3@3.12.0
RubyGems gem pkg:gem/rails@7.0.0
Go golang pkg:golang/github.com/gin-gonic/gin@v1.8.0
GitHub github pkg:github/facebook/react@v18.0.0
Conda conda pkg:conda/numpy@1.23.0?channel=conda-forge&subdir=linux-64&build=py39h1234567_0
Generic generic pkg:generic/package@1.0.0?download_url=https://example.com/file.tar.gz

Examples

NPM with Scoped Package

purl2src "pkg:npm/@angular/core@12.0.0"
# Output: https://registry.npmjs.org/@angular/core/-/core-12.0.0.tgz

Maven with Classifier

purl2src "pkg:maven/org.apache.xmlgraphics/batik-anim@1.9.1?classifier=sources"
# Output: https://repo.maven.apache.org/maven2/org/apache/xmlgraphics/batik-anim/1.9.1/batik-anim-1.9.1-sources.jar

Generic with Checksum Validation

purl2src "pkg:generic/mypackage@1.0.0?download_url=https://example.com/pkg.tar.gz&checksum=sha256:abcd1234..."

License

Apache License 2.0 - see LICENSE file for details

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for alkamod from gravatar.com alkamod

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: Oscar Valenzuela B.
  • Tags purl , package-url , package-manager , source-code , license-compliance , ai-detection , semantic-analysis , semantic-copycat , code-copycat
  • Requires: Python >=3.8
  • Provides-Extra: dev
Classifiers

Release history Release notifications | RSS feed

This version

1.2.2

1.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

semantic_copycat_purl2src-1.2.2.tar.gz (22.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

semantic_copycat_purl2src-1.2.2-py3-none-any.whl (27.3 kB view details)

Uploaded Python 3

File details

Details for the file semantic_copycat_purl2src-1.2.2.tar.gz.

File metadata

File hashes

Hashes for semantic_copycat_purl2src-1.2.2.tar.gz
Algorithm Hash digest
SHA256 a543710f40d92ac6f944042149a07b039c6287eb9f9a636ed481afe1c31a6a2c
MD5 0ef8a30e851d474a511176051fd566db
BLAKE2b-256 130a4ad941df4d90f8c99f9dfefe42b203c97490fb52448d33ac3a7edcf2f153

See more details on using hashes here.

Provenance

The following attestation bundles were made for semantic_copycat_purl2src-1.2.2.tar.gz:

Publisher: python-publish.yml on oscarvalenzuelab/semantic-copycat-purl2src

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file semantic_copycat_purl2src-1.2.2-py3-none-any.whl.

File metadata

File hashes

Hashes for semantic_copycat_purl2src-1.2.2-py3-none-any.whl
Algorithm Hash digest
SHA256 6a152082960dc89224568bc0b41981b6cc1d8de79ef58ea155cbd27121895250
MD5 5a3c02dae61e2ee1edb49a5b9cbf4efe
BLAKE2b-256 00e34d9d30685ed28ddb3e17cd8b5dbaa636de73977dbd04cc6425ad94baa785

See more details on using hashes here.

Provenance

The following attestation bundles were made for semantic_copycat_purl2src-1.2.2-py3-none-any.whl:

Publisher: python-publish.yml on oscarvalenzuelab/semantic-copycat-purl2src

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page